The rate at which cyber-crime is growing is truly alarming. According to the latest PwC Economic Crime Survey, 50 per cent of British companies are expected to be affected by cyber-crime in the next two years.
PwC’s survey spoke to more than 1000 companies, with a staggering 33% of them admitting that they had no plan in place for a malware attack or data theft. Further, only 12% expressed confidence that the police and authorities would successfully reprimand those behind an attack.
Perhaps the confidence level will change this autumn with the establishment of the National Cyber Centre, to be based at GCHQ. The Centre, which will act as a one-stop help and knowledge centre, is bringing the government’s current array of bodies into one single organisation, and aims to make it easier for companies to get the support they need in tackling cyber-crime.
Does the size of the company matter?
Have you ever heard the sentiment: ‘We aren’t likely to get targeted because we are small, and hackers can’t possibly be interested in what we do’?
In fact, the opposite is true. One of the groups more vulnerable to cyber-crime is small and medium-sized enterprises (SMEs). A recent government survey found that nearly three quarters of SMEs (74%) reported a security breach in 2015. This is worrying, especially when read in conjunction with Symantec’s latest report, which notes that a company or organisation that has been targeted once is likely to be targeted at least three more times throughout the year.
The role of communications in the prevention of cyber attacks
There are steps that companies can take themselves to mitigate the risks. Some of them relate to our area of expertise, i.e. communications. An effective communications strategy for what happens before, during and after a cyber-attack can go a long way in mitigating the risks.
Building the right internal culture
The likeliest breach into any company comes from its employees. The internet of things (IoT) has arrived, and we only have to look around to witness the impact it is having on our daily lives. Companies are increasingly encouraging employees to bring their own devices to work, which leaves far less secure devices accessing the corporate network, posing a new security threat.
Ultimately, it is about fostering a culture of security that acknowledges the threat that cyber-crime can pose. Making such awareness part of the company’s culture is one of the most effective protections you can get. Breaching even the best of IT systems is easy if the password is your name or even “password”. Simple awareness programs explaining to employees the danger of doing this can go a long way in making all of your data and logins more secure.
A three stage process
A corporate cyber crisis is one of the most complex and demanding issues an organisation can face. Aside from building a more general company culture that doesn’t take cyber for granted, we can break down other communication activities into three distinct phases - before, during and after:
Before an attack
Every employee needs to be involved in the culture of security at the company.
Awareness can be raised through an intranet portal of advice and by holding internal workshops. As cyber-crime is constantly changing and evolving, it is paramount to make sure that your internal communication is constantly up to date, so there can be no confusion.
Any general will tell you that even the best laid plans disappear at the sound of the first bullet. Having a concrete emergency response plan (ERP) that all employees can follow in the event of a breach can help stop a data breach escalating.
During an attack
The first thing to do in any crisis is to acknowledge that it happened. The next step is communicating what actions you are taking, and what has been affected and how. Transparency often acts as a proxy for trust; therefore, it is important to have a communications process that is clear, direct and honest.
This is your time to stay on top of social media. As the fastest moving information portal, it is here you can quickly connect with your audience and keep the public updated on what is happening. Continuous communication cannot be stressed enough, as it helps to mitigate the damage caused, and shows that you are addressing the issue.
It is never an effective plan for a company to become reclusive during a time of crisis. This is even truer with an issue such as cyber-crime, which is very murky and diffuse by nature.
After an attack
In a crisis, it is easy to focus so hard on making it through the day that often the long-term plan is forgotten. Make sure you take the time to assure both internal and external stakeholders that you are taking all potential measures to ensure that it will not happen again. Finding out what happened and communicating it will show that you are actively working on making sure that this is the case. Here, you have a chance to show that you have learned from your mistakes and developed as an organisation. Have you made any changes to the way you operate or taken other steps? Highlighting these to your stakeholders will present you as leading the way in addressing any future issues. Lastly, be active. Do not let yourself be a passive character in your company’s narrative; rather, make sure to keep moving and to highlight your activity.